CVE-2020-9112 — Improper Privilege Management in Huawei Taurus-an00b Firmware

CWE-269 — Improper Privilege Management4 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.0%

top 93.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Huawei Taurus-an00b Firmware

Timeline

PublishedOct 19

Latest updateMay 24

Description

Taurus-AN00B versions earlier than 10.1.0.156(C00E155R7P2) have a privilege elevation vulnerability. Due to lack of privilege restrictions on some of the business functions of the device. An attacker could exploit this vulnerability to access the protecting information, resulting in the elevation of the privilege.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDhuawei/taurus-an00b_firmware< 10.1.0.156\(c00e155r7p2\)

▶CVEListV5huawei/taurus-an00b_firmwareVersions earlier than 10.1.0.156(C00E155R7P2)

🔴Vulnerability Details

GHSA

GHSA-xgmm-v76r-g7gj: Taurus-AN00B versions earlier than 10↗2022-05-24

▶

CVEList

CVE-2020-9112: Taurus-AN00B versions earlier than 10↗2020-10-19

▶

OSV

OpenJPEG vulnerabilities↗2020-09-15

▶